MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f8af6efe9052eb6b739bfabece42b72f96a8226d3d826af5a0f7f436bd2d898e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 4



SHA256 hash: f8af6efe9052eb6b739bfabece42b72f96a8226d3d826af5a0f7f436bd2d898e
SHA3-384 hash: fef01374e9af25c35f7c46fda83c4b7e7399c5e7a2bc131d819dde66d7a33ca22c4db72ef435840ecd7932d1389abf20
SHA1 hash: 6e2ddd3e8841236893a5e34401998e3eb560a8bc
MD5 hash: 459c907fe86777d71bb161af51ac1229
humanhash: maryland-red-fruit-alanine
File name: b2e6c4b7873a97614d4f2026e6f02ea9.exe
Signature: FormBook
File size: 172'032 bytes
First seen: 2020-03-26 15:51:22 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
ssdeep: 3072:g0Xo8P5XErq294HyhTXgT603YfnzSDK5dj5YoSBTDhofMxVq:GuO4S9gT6rvzSDK9Yok5q
Threatray: 5'067 similar samples on MalwareBazaar
TLSH: 9FF3AE32DA41C031E2B241B5F67E0B7B483E4E34729565E6E3E429A06FB04A5F52E31F
Reporter: abuse_ch
Tags: exe FormBook GuLoader


abuse_ch
Payload dropped by GuLoader from the following URL:
https://drive.google.com/uc?export=download&id=1YgymN_kjwedeAoVudWl3vWXQM4vPy8DD

Intelligence


File Origin
# of uploads: 1
# of downloads: 86
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Formbook
Status: Malicious
First seen: 2020-03-26 16:37:12 UTC
File Type: PE (Exe)
AV detection: 30 of 31 (96.77%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

2282ba54903c90b4b40ad9696eceadda02501dbdccd78840eaa993cbb865e6aa

FormBook

Executable exe f8af6efe9052eb6b739bfabece42b72f96a8226d3d826af5a0f7f436bd2d898e (this sample)

  
Dropped by: MD5 b2e6c4b7873a97614d4f2026e6f02ea9
Dropped by: MD5 402f63898cc9056f0a24cd092874ea79
Dropped by: GuLoader
Dropped by: SHA256 2282ba54903c90b4b40ad9696eceadda02501dbdccd78840eaa993cbb865e6aa
Dropped by: SHA256 6fa2d31d5956faab69966a27341585b1eba18760572fe943920134b9c1d211e1

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_DLL_CHARACTERISTICS | Missing dll Security Characteristics (HIGH_ENTROPY_VA) | high
